My research area is computer security. Specifically, my interests include systems security, program analysis for security, virtualization, trusted computing, and access control. I have published over 170 peer-reviewed papers on these subjects. See DBLP and Google Scholar or "See My Publications" below.

My work has been funded by the National Science Foundation ( CNS-0627551, CNS-0721579, CNS-0905343, CNS-0931914, CNS-1117692, CNS-1408880, CNS-1801534, and CNS-1816282 ), Defense Advanced Research Projects Agency, Air Force Research Lab, Army Research Lab, Office of Naval Research, Air Force Office of Scientific Research, and a number of industrial sponsors, including Google, Samsung, Cisco, and HP Labs. Their support is gratefully acknowledged.

See My Publications

Current Research Highlights

Software Security

A recent focus is memory safety validation. Researchers have speculated that a large fraction of memory accesses in C/C++ programs cannot violate memory safety, but we do not yet take advantage of this hypothesis to protect memory systematically. We show that over 85% of stack objects (across 1,200+ Linux packages in our recent study in IEEE SecDev 2023) can be validated to be safe from memory errors comprehensively (i.e., for spatial, type, and temporal safety) using a technique published in our NDSS 2022 paper. In addition, we find that over 70% of heap objects can validated to be memory safe comprehensively as well, albeit using very different techniques in our preliminary paper heap memory safety validation. Objects that can be validated as memory safe can be protected by simple isolation (i.e., with low overhead), without runtime checks.

Mobile Security

We apply access control policy analysis to complex Android systems to find and fix vulnerabilities. The Android system now has a rich, fine-grained access control enforcement, but it is difficult to determine whether part of the file system may be prone to attack. Our analysis tool, PolyScope (USENIX 2021), identifies the file system accesses that may be exploited to launch attacks to detect vulnerabilities. We have extended PolyScope (IEEE TDSC 2023) to reason about Android's recent Scoped Storage (IEEE S&P 2021) policies as well. We have recently shown how to connect access control policy analysis to program analysis to detect zero-day vulnerabilities through the constructing and analysis of host attack graphs (IEEE SecDev 2023), unique in building attack graphs within a host from its access control policies without known vulnerabilities to assess the potential for zero-day attacks.

Systems Security

We have three areas of recent research on operating systems security. First, we explore techniques for automating driver isolation. We have developed the first mostly-automated approach to generate IDL for driver isolation (OSDI 2022), examined kernel isolation mechanisms using Extended Page Tables (VEE 2020, Best Paper), identified threats caused by remaining data sharing (HotOS 2023). Second, we have identified new hardware side channels, including timer-less side channels on Apple M1 processors (USENIX Security 2023) and channels to recover instruction addresses systematically (ISCA 2023). Third, we investigate file system security, including characterizing risks from combining case-sensitive and case-insensitive file systems (FAST 2023), which is happening in Linux and Windows, and developing rollback-resistant file systems (OSDI 2023) that can utilize untrusted storage securely.